[jira] [Commented] (YARN-9708) Yarn Router Support DelegationToken

[ASF GitHub Bot (Jira)]

    [ 
https://issues.apache.org/jira/browse/YARN-9708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583991#comment-17583991
 ] 

ASF GitHub Bot commented on YARN-9708:
--------------------------------------

slfan1989 commented on code in PR #4746:
URL: https://github.com/apache/hadoop/pull/4746#discussion_r953335382


##########
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-router/src/test/java/org/apache/hadoop/yarn/server/router/secure/TestRouterDelegationTokenSecretManager.java:
##########
@@ -0,0 +1,198 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.yarn.server.router.secure;
+
+import org.apache.hadoop.io.Text;
+import org.apache.hadoop.security.token.delegation.DelegationKey;
+import org.apache.hadoop.test.LambdaTestUtils;
+import org.apache.hadoop.util.Time;
+import org.apache.hadoop.yarn.exceptions.YarnException;
+import org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier;
+import org.apache.hadoop.yarn.server.router.clientrm.RouterClientRMService;
+import 
org.apache.hadoop.yarn.server.router.security.RouterDelegationTokenSecretManager;
+import org.junit.Assert;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+public class TestRouterDelegationTokenSecretManager extends 
AbstractSecureRouterTest {
+
+  private static final Logger LOG =
+       LoggerFactory.getLogger(TestRouterDelegationTokenSecretManager.class);
+
+  @Test
+  public void testRouterStoreNewMasterKey() throws Exception {
+    LOG.info("Test RouterDelegationTokenSecretManager: StoreNewMasterKey.");
+
+    // Start the Router in Secure Mode
+    startSecureRouter();
+
+    // Store NewMasterKey
+    RouterClientRMService routerClientRMService = 
this.getRouter().getClientRMProxyService();
+    RouterDelegationTokenSecretManager secretManager =
+        routerClientRMService.getRouterDTSecretManager();
+    DelegationKey storeKey = new DelegationKey(1234, 4321, 
"keyBytes".getBytes());
+    secretManager.storeNewMasterKey(storeKey);
+
+    // Get DelegationKey
+    DelegationKey paramKey = new DelegationKey(1234, 4321, 
"keyBytes".getBytes());
+    DelegationKey responseKey = 
secretManager.getMasterKeyByDelegationKey(paramKey);
+
+    Assert.assertNotNull(paramKey);
+    Assert.assertEquals(storeKey.getExpiryDate(), responseKey.getExpiryDate());
+    Assert.assertEquals(storeKey.getKeyId(), responseKey.getKeyId());
+    Assert.assertTrue(Arrays.equals(storeKey.getEncodedKey(), 
responseKey.getEncodedKey()));

Review Comment:
   I will fix it.





> Yarn Router Support DelegationToken
> -----------------------------------
>
>                 Key: YARN-9708
>                 URL: https://issues.apache.org/jira/browse/YARN-9708
>             Project: Hadoop YARN
>          Issue Type: New Feature
>          Components: router
>    Affects Versions: 3.1.1
>            Reporter: Xie YiFan
>            Assignee: fanshilun
>            Priority: Minor
>              Labels: pull-request-available
>         Attachments: Add_getDelegationToken_and_SecureLogin_in_router.patch, 
> RMDelegationTokenSecretManager_storeNewMasterKey.svg, 
> RouterDelegationTokenSecretManager_storeNewMasterKey.svg
>
>
> 1.we use router as proxy to manage multiple cluster which be independent of 
> each other in order to apply unified client. Thus, we implement our 
> customized AMRMProxyPolicy that doesn't broadcast ResourceRequest to other 
> cluster.
> 2.Our production environment need kerberos. But router doesn't support 
> SecureLogin for now.
> https://issues.apache.org/jira/browse/YARN-6539 desn't work. So we 
> improvement it.
> 3.Some framework like oozie would get Token via yarnclient#getDelegationToken 
> which router doesn't support. Our solution is that adding homeCluster to 
> ApplicationSubmissionContextProto & GetDelegationTokenRequestProto. Job would 
> be submitted with specified clusterid so that router knows which cluster to 
> submit this job. Router would get Token from one RM according to specified 
> clusterid when client call getDelegation meanwhile apply some mechanism to 
> save this token in memory.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org